From b61e2acb4fae9b07b1b4805f71090b41749e132b Mon Sep 17 00:00:00 2001
From: NullBite <me@nullbite.com>
Date: Wed, 3 Jul 2024 18:54:13 -0400
Subject: [PATCH] system: only set initialPassword if mutable users

---
 hosts/nullbox/impermanence.nix | 1 -
 system/common/me.nix           | 6 +++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/hosts/nullbox/impermanence.nix b/hosts/nullbox/impermanence.nix
index 86b3d9d..914dc2d 100644
--- a/hosts/nullbox/impermanence.nix
+++ b/hosts/nullbox/impermanence.nix
@@ -107,7 +107,6 @@ in {
 
     users.mutableUsers = false;
     users.users.nullbite.hashedPasswordFile = "/persist/passfile/nullbite";
-    users.users.nullbite.initialPassword = null;
     users.users.root.hashedPasswordFile = "/persist/passfile/root";
   };
 }
diff --git a/system/common/me.nix b/system/common/me.nix
index e545f1a..1f3eeab 100644
--- a/system/common/me.nix
+++ b/system/common/me.nix
@@ -16,8 +16,12 @@ in
       packages = with pkgs; [
         keychain
       ];
-      initialPassword = lib.mkDefault "changeme";
       shell = pkgs.zsh;
+
+      # this should only be configured if mutableUsers is enabled, otherwise it
+      # behaves the same as `password` and takes precedence over
+      # `hashedPasswordFile`, which is undesirable.
+      initialPassword = lib.mkIf config.users.mutableUsers (lib.mkDefault "changeme");
     };
 
     users.groups.nullbite.gid = 1000;